We all know Norton can’t protect you , but also Norton is sometimes a pain in the ass to uninstall , sometimes it has files you cant remove etc. But even before you get to that point you’re prompted for an uninstall passowrd? wtf? sometimes you were the person who installed it sometimes you’re not either  way you don’t know the password. Here’s a simple way to bypass that problem.

The default password that should work for most of the Symantec uninstallation is “symantec“. Duh.

If the default password doesn’t work do this:
1) Go to Start -> Run and type regedit

2) Navigate to: 

HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion\Administrator Only\Security\

3) Double click on the value name “UseVPUninstallPassword” and change the value from 1 to 0

4) Close the registry and retry the uninstall.

If you forgot your Windows login password which contains your most valuable data with your all favorite setting and you fear about loosing all the data and settings? Then you don’t worry about this problem, if unfortunately you have this problem. Here is the best method to restore your Windows login password provided if you have the Windows installation CD.

1. Place your Windows XP CD in your cd-rom and start your computer (it’s assumed here that your XP CD is bootable – as it should be – and that you have your bios set to boot from CD)

2. Keep your eye on the screen messages for booting to your cd Typically, it will be “Press any key to boot from cd”

3. Once you get in, the first screen will indicate that Setup is inspecting your system and loading files.

4. When you get to the Welcome to Setup screen, press ENTER to Setup Windows now

5. The Licensing Agreement comes next – Press F8 to accept it.

6. The next screen is the Setup screen which gives you the option to do a Repair.

It should read something like “If one of the following Windows XP installations is damaged, Setup can try to repair it”

Use the up and down arrow keys to select your XP installation (if you only have one, it should already be selected) and press R to begin the Repair process.

7. Let the Repair run. Setup will now check your disks and then start copying files which can take several minutes.

8. Shortly after the Copying Files stage, you will be required to reboot. (this will happen automatically – you will see a progress bar stating “Your computer will reboot in 15 seconds”

9. During the reboot, do not make the mistake of “pressing any key” to boot from the CD again! Setup will resume automatically with the standard billboard screens and you will notice Installing Windows is highlighted.

10. Keep your eye on the lower left hand side of the screen and when you see the Installing Devices progress bar, press SHIFT + F10. This is the security hole! A command console will now open up giving you the potential for wide access to your system.

11. At the prompt, type NUSRMGR.CPL and press Enter. Voila! You have just gained graphical access to your User Accounts in the Control Panel.

12. Now simply pick the account you need to change and remove or change your password as you prefer. If you want to log on without having to enter your new password, you can type control userpasswords2 at the prompt and choose to log on without being asked for password. After you’ve made your changes close the windows, exit the command box and continue on with the Repair (have your Product key handy).

13. Once the Repair is done, you will be able to log on with your new password (or without a password if you chose not to use one or if you chose not to be asked for a password). Your programs and personalized settings should remain intact.

This is easy, but you could potentially break everything with an errant rm -r. You need to grab PTerminal, a command line tool, from the Android marketplace. From there, you navigate to your system/bin folder (where the binaries are kept) and type telnetd to launch the telnet program which lets you login to the phone remotely.

Assuming your Wi-Fi is switched on, you can now type netstat to get your IP address. From there, you just grab a computer on the same network and telnet in. You now have root access to the entire file system. This is the dangerous part, the root user, or superuser, is the God of the computer and can do anything, so proceed with care.

Security researchers say they’ve developed a way to partially crack the Wi-Fi Protected Access (WPA) encryption standard used to protect data on many wireless networks.

The attack, described as the first practical attack on WPA, will be discussed at the PacSec conference in Tokyo next week. There, researcher Erik Tews will show how he was able to crack WPA encryption, in order to read data being sent from a router to a laptop computer. The attack could also be used to send bogus information to a client connected to the router.
(more…)

See how long it would take you brute-force your password using this handy php script:
http://www.hackosis.com/projects/bfcalc/bfcalc.php
The code is open source and can be downloaded from:
http://www.hackosis.com/wp-content/uploads/2007/11/bfcalc.zip

The month’s victim comes courtesy of Yahoo, or should I say Yahoo’s HotJobs.com. On October 28^th, popular internet research and analysis company Netcraft discovered a vulnerability on the Yahoo site that was being exploited to steal user authentication cookies. These cookies contain user login credentials that can be used to access any of Yahoo’s services, including e-mail. These cookies were being sent remotely to a site in the United States under the control of the attacker.

Yahoo has since corrected the flaw and released the following statement to netcraft:

The team was made aware of this particular Cross-Site Scripting issue yesterday morning (Sunday, Oct. 26) and a fix was deployed within a matter of hours. Yahoo! appreciates Netcraft’s assistance in identifying this issue.

As a safety precaution, we recommend users change their passwords, should they still be concerned. Users should always verify via their Sign-in Seal that they are giving their passwords to Yahoo.com.

How it happened:

The attacker managed to find a flaw at hotjobs.yahoo.com that allows visitors to inject obfuscated JavaScript into the page. The script can be configured to steal authentication cookies. The authentication cookie can then be used to allow the attacker to pose as the user.  This type of attack, and loyal netleets readers already know, is called cross-site scripting. Earlier in the year netcraft found a similar flaw at ychat.help.yahoo.com.

This attack was probably executed using the CookieMonster tool that has recently affected netflix.com and bankofamerica. CookieMonster is a cookie stealing toolkit that works with both http and https sites. It siphons authentication cookies from vulnerable sites. These cookies can be used to hijack a users account.

Theregister.co.uk best describes CookieMonster as follows:

The vulnerability stems from website developers’ failure to designate authentication cookies as secure. That means web browsers are free to send them over the insecure http channel, and that’s exactly what CookieMonster causes them to do. It does this by caching all DNS responses and then monitoring hostnames that use port 443 to connect to one of the domain names stored there. CookieMonster then injects images from insecure (non-https) portions of the protected website, and – voila! – the browser sends the authentication cookie.

A CookieMonster blog listed several popular sites that were allegedly vulnerable back in September. Those sites include southwest.com, expedia.com, usairways.com, register.com, newegg.com, ebay.com, any many many more.

What can be done:

In addition to the steps outlined in this XSS tutorial, sites that contain cookies for authentication must not allow cookie values to be translated on the client side. In the early days of cookie based authentication, many sites simply stored authentication information in the cookie, which can be read in any text editor. Today, cookies merely act as a reference point for server side authentication, however if the cookie can be used from any client, it defeats the purpose of even hiding the true value.

Perhaps the easiest thing that could have been done on Yahoo’s part would have been to configure their site to use http-only or https-only cookies. If only http is allowed, malicious javascript cannot be injected.

Via: netleets.com

A team of Swiss researchers have discovered a security vulnerability in many modern keyboards that allow keystrokes to be captured remotely by tracking electromagnetic emissions. The discovery raises concerns about entering sensitive data like banking passwords using a computer keyboard or even an ATM keypad.
(more…)

lm2ntcrack provides a simple way to crack instantly Microsoft Windows NT Hash (MD4) when the LM Password is known. lm2ntcrack is Free and Open Source software.
This software is entirely written in Perl, so its easily ported and installed.
(more…)

SA is the administrative login for the MSSQL. To Change the MSSQL SA password please use following steps:

Step 1. Go to the command prompt of the server ( Start >> Run >> Cmd ) and type in command

osql –L

This command will list all the MSSQL servers near you.

Step 2. Copy full name of required MSSQL server and type

osql -S copied_servername –E

By this command you’ll connect to MSSQL server using Server administrator account (Windows Authentication).

Step 3. To change sa password you should execute the following query:

1> sp_password NULL,’new_password’,’sa’
2> go

Here the new_password will be the password which you want to set.

Now try to login to MSSQL using new password.

Another quick way:

OSQL -S MyServer -E -Q "EXEC sp_defaultdb 'sa', 'master'"
OSQL -S MyServer -E -Q "EXEC sp_password NULL, 'NewPassword', 'sa'"

Our friends over at WonderHowTo.com just launched the 2008 Video Awards! For those of you who have never been to the site, or seen our left sidebar on this site linking to their videos,they are the one-stop shop for all how-to videos on the internet. With a library of over 225,000 videos they provide the largest, most contemporary, and most diverse resource in this increasingly growing space.

The WonderHowTo 2008 Video Awards! is their first annual competition that celebrates excellent instructional videos…on any topic under the sun. Since they source and index videos from more than 1900 specialty sites around the world, they truly get front row seats to every insanely wonderful tutorial that is produced. WonderHowTo picked the nominees based on numerous factors including; intent to instruct, originality of concept, and story telling. Categories include Hacks, Sex, Pranks, Weird Science and many more. These finalists’ videos are extremely interesting and I have a feeling that the voting will come down to the wire

Voting will be open for one month, from October 13th through midnight PST November 13, so get over to WonderHowTo right now and vote on the 2008 Best How To Videos In The Universe.